OpenSSL 1.0.0f: import upstream source

10 files changed, 101 insertions, 58 deletions

diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c
index c1fd75aaad..4b5a132d8a 100644
--- a/src/lib/libcrypto/bio/bf_buff.c
+++ b/src/lib/libcrypto/bio/bf_buff.c
@@ -209,7 +209,7 @@ start:
         /* add to buffer and return */
         if (i >= inl)
                 {
-                memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl);
+                memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
                 ctx->obuf_len+=inl;
                 return(num+inl);
                 }
@@ -219,7 +219,7 @@ start:
                 {
                 if (i > 0) /* lets fill it up if we can */
                         {
-                        memcpy(&(ctx->obuf[ctx->obuf_len]),in,i);
+                        memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
                         in+=i;
                         inl-=i;
                         num+=i;
@@ -294,9 +294,9 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
         case BIO_C_GET_BUFF_NUM_LINES:
                 ret=0;
                 p1=ctx->ibuf;
-                for (i=ctx->ibuf_off; i<ctx->ibuf_len; i++)
+                for (i=0; i<ctx->ibuf_len; i++)
                         {
-                        if (p1[i] == '\n') ret++;
+                        if (p1[ctx->ibuf_off + i] == '\n') ret++;
                         }
                 break;
         case BIO_CTRL_WPENDING:
@@ -399,17 +399,18 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
                 for (;;)
                         {
                         BIO_clear_retry_flags(b);
-                        if (ctx->obuf_len > ctx->obuf_off)
+                        if (ctx->obuf_len > 0)
                                 {
                                 r=BIO_write(b->next_bio,
                                         &(ctx->obuf[ctx->obuf_off]),
-                                        ctx->obuf_len-ctx->obuf_off);
+                                        ctx->obuf_len);
 #if 0
-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r);
+fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
 #endif
                                 BIO_copy_next_retry(b);
                                 if (r <= 0) return((long)r);
                                 ctx->obuf_off+=r;
+                                ctx->obuf_len-=r;
                                 }
                         else
                                 {
diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h
index 152802fbdf..ab47abcf14 100644
--- a/src/lib/libcrypto/bio/bio.h
+++ b/src/lib/libcrypto/bio/bio.h
@@ -306,6 +306,15 @@ DECLARE_STACK_OF(BIO)
 
 typedef struct bio_f_buffer_ctx_struct
         {
+        /* Buffers are setup like this:
+         *
+         * <---------------------- size ----------------------->
+         * +---------------------------------------------------+
+         * | consumed | remaining          | free space        |
+         * +---------------------------------------------------+
+         * <-- off --><------- len ------->
+         */
+
         /* BIO *bio; */ /* this is now in the BIO struct */
         int ibuf_size;  /* how big is the input buffer */
         int obuf_size;  /* how big is the output buffer */
diff --git a/src/lib/libcrypto/bn/asm/ppc.pl b/src/lib/libcrypto/bn/asm/ppc.pl
index 37c65d3511..f4093177e6 100644
--- a/src/lib/libcrypto/bn/asm/ppc.pl
+++ b/src/lib/libcrypto/bn/asm/ppc.pl
@@ -949,7 +949,7 @@ $data=<<EOF;
         addze   r11,r0
                                         #mul_add_c(a[3],b[2],c3,c1,c2);
         $LD     r6,`3*$BNSZ`(r4)
-        $LD     r7,`2*$BNSZ`(r4)
+        $LD     r7,`2*$BNSZ`(r5)
         $UMULL  r8,r6,r7
         $UMULH  r9,r6,r7
         addc    r12,r8,r12
diff --git a/src/lib/libcrypto/bn/asm/x86-mont.pl b/src/lib/libcrypto/bn/asm/x86-mont.pl
index 5cd3cd2ed5..e8f6b05084 100755
--- a/src/lib/libcrypto/bn/asm/x86-mont.pl
+++ b/src/lib/libcrypto/bn/asm/x86-mont.pl
@@ -527,8 +527,10 @@ $sbit=$num;
         &jle    (&label("sqradd"));
 
         &mov    ($carry,"edx");
-        &lea    ("edx",&DWP(0,$sbit,"edx",2));
+        &add    ("edx","edx");
         &shr    ($carry,31);
+        &add    ("edx",$sbit);
+        &adc    ($carry,0);
 &set_label("sqrlast");
         &mov    ($word,$_n0);
         &mov    ($inp,$_np);
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index e060592fdc..9ed8bc2b40 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -126,7 +126,7 @@ struct bn_blinding_st
                                   * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
 #endif
         CRYPTO_THREADID tid;
-        unsigned int  counter;
+        int counter;
         unsigned long flags;
         BN_MONT_CTX *m_ctx;
         int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
@@ -160,7 +160,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
         if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
                 BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
 
-        ret->counter = BN_BLINDING_COUNTER;
+        /* Set the counter to the special value -1
+         * to indicate that this is never-used fresh blinding
+         * that does not need updating before first use. */
+        ret->counter = -1;
         CRYPTO_THREADID_current(&ret->tid);
         return(ret);
 err:
@@ -190,7 +193,10 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
                 goto err;
                 }
 
-        if (--(b->counter) == 0 && b->e != NULL &&
+        if (b->counter == -1)
+                b->counter = 0;
+
+        if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
                 !(b->flags & BN_BLINDING_NO_RECREATE))
                 {
                 /* re-create blinding parameters */
@@ -205,8 +211,8 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 
         ret=1;
 err:
-        if (b->counter == 0)
-                b->counter = BN_BLINDING_COUNTER;
+        if (b->counter == BN_BLINDING_COUNTER)
+                b->counter = 0;
         return(ret);
         }
 
@@ -227,6 +233,12 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
                 return(0);
                 }
 
+        if (b->counter == -1)
+                /* Fresh blinding, doesn't need updating. */
+                b->counter = 0;
+        else if (!BN_BLINDING_update(b,ctx))
+                return(0);
+
         if (r != NULL)
                 {
                 if (!BN_copy(r, b->Ai)) ret=0;
@@ -247,22 +259,19 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
         int ret;
 
         bn_check_top(n);
-        if ((b->A == NULL) || (b->Ai == NULL))
-                {
-                BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
-                return(0);
-                }
 
         if (r != NULL)
                 ret = BN_mod_mul(n, n, r, b->mod, ctx);
         else
-                ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
-
-        if (ret >= 0)
                 {
-                if (!BN_BLINDING_update(b,ctx))
+                if (b->Ai == NULL)
+                        {
+                        BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
                         return(0);
+                        }
+                ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
                 }
+
         bn_check_top(n);
         return(ret);
         }
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index af94458ca7..03deae6674 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -887,7 +887,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_
         field_sqr = group->meth->field_sqr;     
 
         /* only support affine coordinates */
-        if (!point->Z_is_one) goto err;
+        if (!point->Z_is_one) return -1;
 
         if (ctx == NULL)
                 {
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index 310a3387be..d6d61a0c7d 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER  0x1000005fL
+#define OPENSSL_VERSION_NUMBER  0x1000006fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0e-fips 6 Sep 2011"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0f-fips 4 Jan 2012"
 #else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0e 6 Sep 2011"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.0f 4 Jan 2012"
 #endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 7c941885f0..2e1ddd48d3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -314,51 +314,56 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
         return ret;
 }
 
-static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
-        BIGNUM *r, BN_CTX *ctx)
-{
-        if (local)
+static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+        BN_CTX *ctx)
+        {
+        if (unblind == NULL)
+                /* Local blinding: store the unblinding factor
+                 * in BN_BLINDING. */
                 return BN_BLINDING_convert_ex(f, NULL, b, ctx);
         else
                 {
-                int ret;
-                CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
-                ret = BN_BLINDING_convert_ex(f, r, b, ctx);
-                CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
-                return ret;
-                }
-}
-
-static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
-        BIGNUM *r, BN_CTX *ctx)
-{
-        if (local)
-                return BN_BLINDING_invert_ex(f, NULL, b, ctx);
-        else
-                {
+                /* Shared blinding: store the unblinding factor
+                 * outside BN_BLINDING. */
                 int ret;
                 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
-                ret = BN_BLINDING_invert_ex(f, r, b, ctx);
+                ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
                 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
                 return ret;
                 }
-}
+        }
+
+static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+        BN_CTX *ctx)
+        {
+        /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
+         * will use the unblinding factor stored in BN_BLINDING.
+         * If BN_BLINDING is shared between threads, unblind must be non-null:
+         * BN_BLINDING_invert_ex will then use the local unblinding factor,
+         * and will only read the modulus from BN_BLINDING.
+         * In both cases it's safe to access the blinding without a lock.
+         */
+        return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+        }
 
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
-        BIGNUM *f, *ret, *br, *res;
+        BIGNUM *f, *ret, *res;
         int i,j,k,num=0,r= -1;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
         int local_blinding = 0;
+        /* Used only if the blinding structure is shared. A non-NULL unblind
+         * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+         * the unblinding factor outside the blinding structure. */
+        BIGNUM *unblind = NULL;
         BN_BLINDING *blinding = NULL;
 
         if ((ctx=BN_CTX_new()) == NULL) goto err;
         BN_CTX_start(ctx);
         f   = BN_CTX_get(ctx);
-        br  = BN_CTX_get(ctx);
         ret = BN_CTX_get(ctx);
         num = BN_num_bytes(rsa->n);
         buf = OPENSSL_malloc(num);
@@ -406,8 +411,15 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                 }
         
         if (blinding != NULL)
-                if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+                {
+                if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                        }
+                if (!rsa_blinding_convert(blinding, f, unblind, ctx))
                         goto err;
+                }
 
         if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
                 ((rsa->p != NULL) &&
@@ -441,7 +453,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                 }
 
         if (blinding)
-                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+                if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
                         goto err;
 
         if (padding == RSA_X931_PADDING)
@@ -480,18 +492,21 @@ err:
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
              unsigned char *to, RSA *rsa, int padding)
         {
-        BIGNUM *f, *ret, *br;
+        BIGNUM *f, *ret;
         int j,num=0,r= -1;
         unsigned char *p;
         unsigned char *buf=NULL;
         BN_CTX *ctx=NULL;
         int local_blinding = 0;
+        /* Used only if the blinding structure is shared. A non-NULL unblind
+         * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+         * the unblinding factor outside the blinding structure. */
+        BIGNUM *unblind = NULL;
         BN_BLINDING *blinding = NULL;
 
         if((ctx = BN_CTX_new()) == NULL) goto err;
         BN_CTX_start(ctx);
         f   = BN_CTX_get(ctx);
-        br  = BN_CTX_get(ctx);
         ret = BN_CTX_get(ctx);
         num = BN_num_bytes(rsa->n);
         buf = OPENSSL_malloc(num);
@@ -529,8 +544,15 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                 }
         
         if (blinding != NULL)
-                if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+                {
+                if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
                         goto err;
+                        }
+                if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+                        goto err;
+                }
 
         /* do the decrypt */
         if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -564,7 +586,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                 }
 
         if (blinding)
-                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+                if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
                         goto err;
 
         p=buf;
diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl
index 2c99467d34..aec401c773 100644
--- a/src/lib/libcrypto/util/mkerr.pl
+++ b/src/lib/libcrypto/util/mkerr.pl
@@ -769,7 +769,7 @@ EOF
         undef %err_reason_strings;
 }
 
-if($debug && defined(%notrans)) {
+if($debug && %notrans) {
         print STDERR "The following function codes were not translated:\n";
         foreach(sort keys %notrans)
         {
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 5a0b0249b4..701ec565e9 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1732,7 +1732,7 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
         atm.length=sizeof(buff2);
         atm.data=(unsigned char *)buff2;
 
-        if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
+        if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
                 return 0;
 
         if (ctm->type == V_ASN1_UTCTIME)